ID

VAR-201801-0296


CVE

CVE-2017-1000471


TITLE

EmbedThis GoAhead Webserver In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-011857

DESCRIPTION

EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service. Embedthis Goahead Webserver is a small and exquisite embedded Web server of American Embedthis Software Company, which supports embedding in various devices and applications. CGI handler is one of the CGI handlers

Trust: 1.71

sources: NVD: CVE-2017-1000471 // JVNDB: JVNDB-2017-011857 // VULHUB: VHN-100200

AFFECTED PRODUCTS

vendor:embedthismodel:goaheadscope:eqversion:4.0.0

Trust: 2.4

sources: JVNDB: JVNDB-2017-011857 // CNNVD: CNNVD-201801-117 // NVD: CVE-2017-1000471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-1000471
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-1000471
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201801-117
value: HIGH

Trust: 0.6

VULHUB: VHN-100200
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-1000471
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-100200
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-1000471
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-100200 // JVNDB: JVNDB-2017-011857 // CNNVD: CNNVD-201801-117 // NVD: CVE-2017-1000471

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.9

sources: VULHUB: VHN-100200 // JVNDB: JVNDB-2017-011857 // NVD: CVE-2017-1000471

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-117

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201801-117

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011857

PATCH

title:Fix a null pointer dereference, if initial walloc() fails or wrealloc () failsurl:https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7

Trust: 0.8

title:Fix null pointer dereferences and add integer overflow check #258url:https://github.com/embedthis/goahead/pull/258

Trust: 0.8

title:EmbedThis GoAhead Webserver CGI handler Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77441

Trust: 0.6

sources: JVNDB: JVNDB-2017-011857 // CNNVD: CNNVD-201801-117

EXTERNAL IDS

db:NVDid:CVE-2017-1000471

Trust: 2.5

db:JVNDBid:JVNDB-2017-011857

Trust: 0.8

db:CNNVDid:CNNVD-201801-117

Trust: 0.7

db:VULHUBid:VHN-100200

Trust: 0.1

sources: VULHUB: VHN-100200 // JVNDB: JVNDB-2017-011857 // CNNVD: CNNVD-201801-117 // NVD: CVE-2017-1000471

REFERENCES

url:https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7

Trust: 1.7

url:https://github.com/embedthis/goahead/pull/258

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1000471

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-1000471

Trust: 0.8

sources: VULHUB: VHN-100200 // JVNDB: JVNDB-2017-011857 // CNNVD: CNNVD-201801-117 // NVD: CVE-2017-1000471

SOURCES

db:VULHUBid:VHN-100200
db:JVNDBid:JVNDB-2017-011857
db:CNNVDid:CNNVD-201801-117
db:NVDid:CVE-2017-1000471

LAST UPDATE DATE

2024-11-23T22:26:34.123000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-100200date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2017-011857date:2018-02-01T00:00:00
db:CNNVDid:CNNVD-201801-117date:2018-01-04T00:00:00
db:NVDid:CVE-2017-1000471date:2024-11-21T03:04:48.260

SOURCES RELEASE DATE

db:VULHUBid:VHN-100200date:2018-01-03T00:00:00
db:JVNDBid:JVNDB-2017-011857date:2018-02-01T00:00:00
db:CNNVDid:CNNVD-201801-117date:2018-01-04T00:00:00
db:NVDid:CVE-2017-1000471date:2018-01-03T20:29:00.453